couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen>
Subject Re: replication on touchdb and authentication
Date Mon, 11 Feb 2013 18:45:37 GMT
> > well i know i can store the passwords, be it secure or not.. but i
> > don't want to. i want to store cookies instead. Like a browser does.
> > And start any replications by authenticating with those.
> > can i do that?
> You don’t authenticate with cookies. Cookies are just a way to
> persist session state between requests. The session itself has to be
> authenticated using credentials: a username/password, or OAuth token,
> or BrowserID assertion.
> In other words, the way you get a cookie in the first place is by
> posting a credential to _session (or _browserid). So you have to have
> access to that credential. Moreover, sessions expire — I believe the
> default expiration interval in CouchDB is one day — so you can’t just
> forget the credential after the first login, unless you want to make
> the user retype the password every day (which is a good way to lose
> users.)

mmh. i bet i never asked for about the credentials at all.

so in your words, how to make the replicator use the
persisted-session-state cookie instead of re-auth?

if it can't be done, just say so.

View raw message